Application No. 10/591,065 Amendment 

AMENDMENTS TO THE CLAIMS 
1. (Currently Amended) A method for an application server in a visited network a 
roaming user to establish a security association with a user an application server in a visited 
network, comprising the steps of:

receiving, by the application server in the visited networks receiving a service request 
message from the roaming user, said service request message containing a Bootstrapping- 
Transaction Identifier (B-TID), the B-TID being assigned to the roaming user by a 
Bootstrapping Server Function (BSF) based upon a mutual authentication of the roaming user 
with the BSF that performs user identity initial verification in a generic authentication 
architecture in a home network of the roaming user; 

inquiring, by the application server in the visited network inquiring from a proxy an 
authentication entity in the visited network about the roaming user's user information of the 
user associated with the B-TID, the user information comprising user authentication results of 
the generic authentication architecture in the roaming user's home network of the user;

identifying, by the proxy in the visited network, authentication entity finding out the 
home network to which the user belongs according to the B-TID; 

acquiring, by the proxy in the visited network, authentication entity acquiring the user 
information associated with the B-TID from the BSF in the roaming user's home network of 
the user; and

returning, by the proxy in the visited network, the acquired user information to the
application server; 

obtaining, by the application server in the visited network, obtaining the roaming 
user's user information of the user comprising the user authentication results of the generic 
authentication architecture in the roaming user's home network of the user; and

establishing, by the application server in the visited network, establishing a security
association with the roaming user according to the user authentication results of the generic
authentication architecture in the roaming user's home network of the user.

2. (Canceled) 

3. (Currently Amended) The method according to Claim 1, wherein the authentication 
entity in the visited network is a BSF or a generic authentication architecture proxy in the 
visited network; 

the step of the BSF or the generic authentication architecture proxy in the visited 
network acquiring the user information associated with the B-TID from the roaming user's 
home network of the user comprises: 

the BSF or the generic authentication architecture proxy in the visited network
directly sending, by the proxy in the visited network, a query message to the BSF in the
roaming user's home network of the user to inquire, inquiring about the user information
associated with the B-TID; and 

obtaining, by the proxy in the visited network, the user information associated with
the B-TID from the response message returned by the BSF in the roaming user's home
network of the user.

4. (Currently Amended) The method according to Claim 3, wherein the generic 
authentication architecture proxy in the visited network is an independent server, or a server
combined with an authentication, authorization and accounting (AAA) server in the local
visited network, or a server combined with the application server in the visited local network.

5-6. (Canceled) 

7. (Currently Amended) The method according to Claim 1, wherein the user
information comprises at least: key information and an identity of the user user's identity.

8-9. (Canceled) 

10. (Currently Amended) The method according to Claim 7, wherein the user 
information [[also]] further comprises [[the]] profile information associated with security. 

11-12. (Canceled) 

13. (Currently Amended) The method according to Claim 7, wherein the key information 
is a shared key (Ks) generated in the mutual authentication, or a derived key of the Ks Ks
derived key and [[its]] a valid term of the derived key.

14-15. (Canceled) 

16. (Currently Amended) An application server in a communication network comprising 
a home network and a visited network of a roaming user, comprising:

circuitry adapted for receiving configured to receive a service request message from 
the roaming user containing a Bootstrapping-Transaction Identifier (B-TID) from a user, the
B-TID being assigned to the roaming user by a Bootstrapping Server Function (BSF) based 
upon a mutual authentication of the roaming user with the BSF that performs user identity 
initial verification in a generic authentication architecture in [[the]] a home network of the 

circuitry adapted for inquiring configured to inquire from a proxy in a visited network 
an authentication entity about an authentication in the visited network to obtain the roaming 
user's user information of the user associated with the B-TID; the roaming user's user
information of the user comprising user authentication results of the generic authentication
architecture in the roaming user's home network of the user;

circuitry adapted for obtaining configured to obtain the roaming user's user 
information of the user from the proxy in the visited network authentication entity after the 
proxy in the visited network authentication entity finds out identifies the home network to 
which the user belongs according to the B-TID and acquires the user information associated 
with the B-TID from the BSF in the roaming user's home network of the user; and

circuitry adapted for establishing configured to establish a security association with 
the roaming user according to the user authentication results of the generic authentication 
architecture in the roaming user's home network of the user.

17. (Currently Amended) The application server accoring according to Claim 16, 
wherein the user information comprises at least: key informaitn information and the user's an 
identity of the user.

18. (Currently Amended) A communication system, comprising; 

an application server in a visited network, the application server configured to receive 
a service request message containing a Bootstrapping-Transaction Identifier (B-TID) from a 
user, the B-TID being assigned to the user by a Bootstrapping Server Function (BSF) based 
upon a mutual authentication of the user with the BSF that performs user identity initial 
verification in a generic authentication architecture in a home network of the user, obtain the 
user information of the user from a proxy in the visited network, and establish a security 
association with the user according to the user authentication results of the generic 
authentication architecture in the home network of the user; and 

the proxy configured to identify the home network to which the user belongs 
according to the B-TID, acquire the user information associated with the B-TID from the 
BSF in the home network of the user, and return the acquired user information to the
application server, according to any of claims 16 17, wherein the application server is 
connected with the authentication entity, and the authentication entity comprises circuitry 
adapted for finding out a user's home network entity. 

19. (Canceled) 

This listing of claims replaces all prior versions, and listings, of claims in the 
application. 